Ensure that UserID matches database when logging in
The MySQL string comparison in SinglePointLogin was
authenticating in a case-insensitive manner, resulting
in various places in the code failing if they tried to
compare $_SESSION['State']->getUsername() (which has
the value from when the user logged in) with User::singleton()->getUsername()
(which has the value from the database) in PHP (which,
unlike MySQL, *is* case sensitive.)

This updates the SinglePointLogin class so that it uses
the username from the database, rather than the HTTP request
for the username in $_SESSION['State'].
driusan committed Oct 12, 2017
1 parent 87c7fa4 commit 5e584e6
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions php/libraries/SinglePointLogin.class.inc
Expand Up @@ -400,6 +400,7 @@ class SinglePointLogin

// check users table to see if we have a valid user
$query = "SELECT COUNT(*) AS User_count,
UserID,
Password_expiry,
Active,
Pending_approval,
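Review bot: UserID in this SELECT list has no comment explaining why it is selected when the query already filters on it. Per the commit message the comparison is case-insensitive, so the stored value can differ in case from :username, and the login path now depends on reading it back. A one-line comment above the query saying that UserID is fetched to get the database's casing would keep a later cleanup from dropping the column as redundant. The commit also changes only SinglePointLogin.class.inc, so a regression test that logs in with a differently cased username and checks the resulting session username is worth adding.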
Expand All @@ -408,6 +409,8 @@ class SinglePointLogin
WHERE UserID = :username
GROUP BY UserID";
$row = $DB->pselectRow($query, array('username' => $username));
// Ensure that the username matches the DB in setState()
$this->_username = $row['UserID'];

if ($row['User_count'] == 1) {
// validate passsword
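Review bot: the assignment "$this->_username = $row['UserID'];" runs before the "if ($row['User_count'] == 1)" check, so it also executes when no user matches. With "GROUP BY UserID" a non-matching username yields no row at all, which means $row has no UserID key and _username is overwritten with an empty value instead of the name that was submitted. Move the assignment inside the User_count == 1 branch so that the failure paths keep the submitted username and no undefined-index notice is raised on an empty $row. The new comment refers to setState(), which is not visible in this hunk; if the point is that setState() copies _username into $_SESSION['State'], saying so in the comment would make the dependency explicit.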